﻿using MySql.Data.MySqlClient;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class index : System.Web.UI.Page
{
    //用户角色分配
    protected void SetLoginCookie(string username, string roles)
    {
        System.Web.Security.FormsAuthentication.SetAuthCookie(username, false);
        System.Web.Security.FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(1, username, DateTime.Now, DateTime.Now.AddDays(1), false, roles, "/");
        string hashTicket = FormsAuthentication.Encrypt(ticket);
        HttpCookie userCookie = new HttpCookie(FormsAuthentication.FormsCookieName, hashTicket);
        HttpContext.Current.Response.Cookies.Add(userCookie);
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string nameIndex;
        //Request.Form["userName"].ToString()接收Html页面传来的请求
        if (Request.Form["id"] == null)
            ;
        //Response.Write(Request.Form["username"].ToString());
        else
        {
            int role = int.Parse(Request.Form["role"].ToString());
            p1.InnerText = role.ToString()+"aaa";
            string id = Request.Form["id"].ToString();
            string password = Request.Form["password"].ToString();
            string userName = "";
            Response.Write(id);
            Response.Write(password);
            Response.Write(role);

            MySqlConnection con = DbUtils.getCon();
            MySqlCommand cmd;
            if (role == 0)
            {
                nameIndex = "sname";
                cmd = new MySqlCommand("select password,salt,sname from student where sid='" + id + "'", con);
            }

            else
            {
                nameIndex = "tname";
                cmd = new MySqlCommand("select password,role,salt,tname from teacher where tid='" + id + "'", con);
            }
            MySqlDataReader dr = cmd.ExecuteReader();
            if (dr.Read())
            {
                userName = dr[nameIndex].ToString();
                string salt = dr["salt"].ToString() + userName;
                password = PasswordHelper.Encrypt(password, salt);
                if (dr["password"].ToString().Equals(password))
                {
                    FormsAuthentication.SetAuthCookie(userName, true);
                }
                else
                {
                    DbUtils.close(con,dr);
                    Response.Redirect("login.aspx?error=1");
                }
            }
            else
            {
                DbUtils.close(con, dr);
                Response.Redirect("login.aspx?error=0");
            }


            if (nameIndex.Equals("tname"))
            {
                if (dr["role"].ToString().Equals("0"))
                {
                    SetLoginCookie(userName, "teacher");
                   
                }
                else if (dr["role"].ToString().Equals("1"))
                {
                    SetLoginCookie(userName, "admin");
                }
                else
                    Response.Redirect("login.aspx?error=2");
                DbUtils.close(con, dr);
                Response.Redirect("teacher/tmain.aspx");
            }
            else
            {
                DbUtils.close(con, dr);
                Response.Write(userName);
                Response.Redirect("student/main.aspx");
            }
        }
    }
}